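After the basic services are deployed, we need to deploy a dashboard to manage our nodes and monitor our services.
1: Download kubernetes-dashboard.yaml
You can install it directly as described on the official site. However, because the image cannot be downloaded, I downloaded the file to the server.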
[root@master dashboard]# wget -c https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended/kubernetes-dashboard.yaml
2: Modify kubernetes-dashboard.yaml
Three places need to be changed: the image, the nodePort, and the permissions/role section (three dots mark omitted content).
[root@master dashboard]# vi kubernetes-dashboard.yaml
...
#image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
image: mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1
...
# ------------------- Dashboard Secrets ------------------- #
# Comment out the section below
#apiVersion: v1
#kind: Secret
#metadata:
#  labels:
#    k8s-app: kubernetes-dashboard
#  name: kubernetes-dashboard-certs
#  namespace: kube-system
#type: Opaque
...
# Use a ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system
...
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
  - port: 443
    nodePort: 30443
    targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
This exposes port 30443 so that the Dashboard can be reached from outside the cluster.
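The two edits above change what the Dashboard's service-account token can do and where the login page is reachable: the binding grants cluster-admin, and the NodePort publishes the service on every node. A pre-apply check for both, as an added example that is not part of the original post; the function names and the embedded sample manifest are constructed for illustration.

```shell
# Added example: flag the two risky edits; reads file $1, or stdin if omitted.
audit_dashboard_manifest() {
  awk '
    function flush() {
      if (kind == "ClusterRoleBinding" && role == "cluster-admin" && sa != "")
        print "HIGH cluster-admin bound to ServiceAccount " sa
      if (kind == "Service" && type == "NodePort")
        print "MEDIUM Service " name " published on every node, nodePort " (np == "" ? "auto" : np)
      kind = role = sa = skind = type = np = name = sect = ""
    }
    /^---/         { flush(); next }   # start of the next YAML document
    /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
    /^[A-Za-z]/    { sect = $1 }       # remember the current top-level key
    /^kind:/       { kind = $2; next }
    { sub(/^[ \t]*-[ \t]+/, "") }      # "- kind: X" is read as "kind: X"
    sect == "metadata:" && $1 == "name:"     { name = $2 }
    sect == "roleRef:"  && $1 == "name:"     { role = $2 }
    sect == "subjects:" && $1 == "kind:"     { skind = $2 }
    sect == "subjects:" && $1 == "name:" && skind == "ServiceAccount" { sa = sa (sa == "" ? "" : ",") $2 }
    sect == "spec:"     && $1 == "type:"     { type = $2 }
    sect == "spec:"     && $1 == "nodePort:" { np = $2 }
    END { flush() }
  ' "${1:--}"
}

# Constructed sample: the binding and Service as edited on this page.
sample_manifest() {
  cat <<'EOF'
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard-minimal
roleRef:
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
---
kind: Service
metadata:
  name: kubernetes-dashboard
spec:
  type: NodePort
  ports:
  - port: 443
    nodePort: 30443
EOF
}
sample_manifest | audit_dashboard_manifest
```

Run it as `audit_dashboard_manifest kubernetes-dashboard.yaml` before `kubectl apply`; a manifest that keeps a namespaced Role and a ClusterIP Service produces no output.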
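3: By default you could run the install command at this point. However, after a default install the generated certificate has incorrect dates, so no browser other than Firefox can open the page. We need to fix that here.
3.1: Generate a certificate (with openssl)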
[root@master dashboard]# openssl genrsa -out dashboard.key 2048
[root@master dashboard]# openssl req -x509 -new -nodes -key dashboard.key -subj "/CN=192.168.2.152" -days 3650 -out dashboard.crt
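The IP address here is the IP address of the node the dashboard runs on (it is advisable to replace this IP address with a domain name later; this gap has not been filled yet, so the IP address is used for now).
3.2: Create the Secret, named kubernetes-dashboard-certs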
[root@master dashboard]# kubectl -n kube-system create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt
3.3: If you are told that kubernetes-dashboard-certs already exists, delete it first. The delete command is:
[root@master dashboard]# kubectl delete secret kubernetes-dashboard-certs --force --grace-period=0 -n kube-system
3.4: Start kubernetes-dashboard
[root@master dashboard]# kubectl apply -f kubernetes-dashboard.yaml
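A variant of step 3.1 that also sets a subjectAltName (current browsers match the address against it rather than the CN) and checks the certificate before it is loaded in step 3.2. This is an added example, not the original post's commands; the function names, the config file name and the scratch directory are assumptions.

```shell
# Added example: issue the Dashboard certificate with a subjectAltName and
# check it before it goes into the kubernetes-dashboard-certs Secret.
make_dashboard_cert() {   # $1 = node IP, $2 = output directory, $3 = days
  mkdir -p "$2" || return 1
  # Request config: CN as in step 3.1, plus the SAN entry browsers match on.
  cat > "$2/dashboard.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $1
[v3]
subjectAltName = IP:$1
extendedKeyUsage = serverAuth
EOF
  # umask keeps the private key unreadable for other local users.
  (umask 077; openssl genrsa -out "$2/dashboard.key" 2048 2>/dev/null) || return 1
  openssl req -x509 -new -nodes -key "$2/dashboard.key" \
    -config "$2/dashboard.cnf" -days "${3:-3650}" -out "$2/dashboard.crt"
}

check_dashboard_cert() {  # $1 = certificate file, $2 = address clients will use
  if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null; then
    echo "FAIL: certificate is expired or unreadable"; return 1
  fi
  if ! openssl x509 -in "$1" -noout -text | grep -qwF "IP Address:$2"; then
    echo "FAIL: no subjectAltName entry for $2"; return 1
  fi
  echo "ok"
}

# Constructed run in a scratch directory, using the IP from step 3.1.
d=$(mktemp -d) && make_dashboard_cert 192.168.2.152 "$d" &&
  check_dashboard_cert "$d/dashboard.crt" 192.168.2.152
```

The resulting dashboard.key and dashboard.crt are loaded with the same `kubectl create secret generic` command as in step 3.2.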
4: You can now open the Dashboard in a browser. On access you are asked to choose a login method; we usually choose Token. To obtain the token:
[root@master dashboard]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret |grep 'dashboard-token' |awk '{print $1}')
Name: kubernetes-dashboard-token-shwpl
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: kubernetes-dashboard
kubernetes.io/service-account.uid: f5104379-8dae-11e9-8d09-080027b45424
Type: kubernetes.io/service-account-token
Data
====
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.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.lPJ8uZVGLeh6WSEI_pEPM64_JbDQF3t8qQTyJJrb5nIe1Je3Rcu_gbqQ8vjNYTppjg6TYRxBJc4GPMAqT9R5qtdbi6D0iEDhkjldmTFcGPU-Tmd2LwhpC1QIeB_nrEK7qQAC7M27Par7dZ9AsIE6zlMl8Z2pjWY4ABUkeYUAXnQ8SXuaz_MeBcLUj0ODl_EuH-HOGrXniyI4AbwiZ1b_WhbdLU4c0QtCjo2ocmOTKWC3tcrb32pJA-S8YhWYkyglkCxzhBRcZYbzBUl1163FRuBukKJRlQEAxaqXAUrp15s4Zfjr_Yt3Iy5zrxsfUJJMPMyciB1zIfJvaIJjAssRiw
ca.crt: 1025 bytes
namespace: 11 bytes
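After logging in successfully you can see the dashboard:
5: To get more information, we can install the Heapster add-on (my skills are limited; as of the publication of this article the add-on installs successfully, but it does not work).
5.1: Download the latest version of Heapster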
[root@master dashboard]# wget https://github.com/kubernetes-retired/heapster/archive/v1.5.4.tar.gz
5.2: Unpack it
[root@master dashboard]# tar -xf v1.5.4.tar.gz
5.3: Collect the configuration files in a single directory
[root@master dashboard]# mkdir yaml
[root@master yaml]# pwd
/usr/local/utump/deploy/dashboard/heapster/yaml
[root@master yaml]# cp /usr/local/utump/deploy/dashboard/heapster/heapster-1.5.4/deploy/kube-config/influxdb/*.* ./
[root@master yaml]# cp /usr/local/utump/deploy/dashboard/heapster/heapster-1.5.4/deploy/kube-config/rbac/* ./
[root@master yaml]# ll
总用量 16
-rw-r--r--. 1 root root 2396 6月 13 11:04 grafana.yaml
-rw-r--r--. 1 root root 264 6月 13 11:01 heapster-rbac.yaml
-rw-r--r--. 1 root root 1427 6月 13 15:44 heapster.yaml
-rw-r--r--. 1 root root 1081 6月 13 13:09 influxdb.yaml
5.4: Change the image addresses in the configuration files, replacing them all with mirrorgooglecontainers
[root@master yaml]# vi heapster.yaml
...
#image: gcr.io/google_containers/heapster-amd64:v1.5.3
image: mirrorgooglecontainers/heapster-amd64:v1.5.3
...
5.5: Modify grafana.yaml to expose the service externally
[root@master yaml]# vi grafana.yaml
...
spec:
  # In a production setup, we recommend accessing Grafana through an external Loadbalancer
  # or through a public IP.
  # type: LoadBalancer
  # You could also use NodePort to expose the service at a randomly-generated port
  # type: NodePort
  type: NodePort
  ports:
  - port: 80
    nodePort: 30080
    targetPort: 3000
  selector:
    k8s-app: grafana
...
5.6: Deploy the Heapster services
[root@master yaml]# kubectl apply -f .
5.7: Check whether the services were deployed successfully
[root@master yaml]# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-6897bd7b5-bszk4 1/1 Running 380 8d
coredns-6897bd7b5-qxjdc 1/1 Running 380 8d
etcd-master 1/1 Running 3 8d
heapster-586f9f7dc-sjrb5 0/1 Pending 0 11m
kube-apiserver-master 1/1 Running 3 8d
kube-controller-manager-master 1/1 Running 4 8d
kube-proxy-8255f 1/1 Running 3 8d
kube-proxy-9chv4 1/1 Running 2 8d
kube-scheduler-master 1/1 Running 3 8d
kubernetes-dashboard-68ddcc97fc-8r9bm 1/1 Terminating 0 2d19h
monitoring-grafana-6566fbf99c-vxbj4 0/1 Pending 0 11m
monitoring-influxdb-66dbc76bf9-fs6tn 0/1 Pending 0 11m
weave-net-89ln6 2/2 Running 7 8d
weave-net-wr7pb 2/2 Running 4 8d
5.8: If, as above, the pods stay in Pending, investigate further
[root@master yaml]# kubectl describe pod heapster-586f9f7dc-sjrb5 -n kube-system
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedScheduling 51s (x20 over 21m) default-scheduler 0/2 nodes are available: 2 node(s) had taints that the pod didn't tolerate.
5.9: If you see the message above, the fix is:
# Check the current state
[root@master yaml]# kubectl get no -o yaml | grep taint -A 5
# Try to resolve the problem
[root@master yaml]# kubectl taint nodes --all node-role.kubernetes.io/master-
[root@master yaml]# kubectl taint nodes --all node.kubernetes.io/unreachable-
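5.10: Grafana can now be accessed
Note: although the Heapster add-on installed successfully, I did not see any change in the Dashboard. Checking the Heapster logs through the Dashboard showed a certificate problem, and after switching to a self-signed certificate it reported that the self-signed certificate is not trusted. I searched Baidu for some solutions, but none of them had tested successfully by the time this article was finished. More work is needed here.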